Splunk Enterprise Security (ES)

Overview

What is Splunk Enterprise Security (ES)?

Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.

Recent Reviews

TrustRadius Insights

Intuitive User Interface: Users have consistently found the user interface of the product intuitive and easy to use, allowing for quick …

Highly Recommended!

7 out of 10
September 12, 2023
Incentivized
Splunk Enterprise Security (ES) is integral to our cybersecurity strategy. It swiftly detects and responds to threats, addressing …

Splunk ES Review

9 out of 10
September 06, 2023
Incentivized
We use Splunk ES to monitor security-relevant events, create notables for our Analysts to review, and overall improve our organization's …

Awards

Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards.

Popular Features

Feature ratings (number of ratings in parentheses):

  • Centralized event and log data collection (100 ratings): 9.4 (94%)
  • Custom dashboards and workspaces (102 ratings): 9.2 (92%)
  • Incident indexing/searching (101 ratings): 9.0 (90%)
  • Deployment flexibility (101 ratings): 8.3 (83%)


Pricing

Pricing: N/A (unavailable)

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visit https://www.splunk.com/en_us/products/p…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Alternatives Pricing

What is Microsoft Sentinel?

Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.

Features

Security Information and Event Management (SIEM)

Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools.

Category score: 8.5 (category average 7.8)

Product Details

What is Splunk Enterprise Security (ES)?

Splunk Enterprise Security is an analytics-driven SIEM that helps to combat threats with actionable intelligence and advanced analytics at scale. Ingest machine data from any source for full visibility to detect malicious threats in an environment. Investigate and correlate activities across multicloud and on-premises sources in one unified view to identify and remediate security incidents. Splunk Enterprise Security supports cloud, on-premises, and hybrid deployment models to meet the needs of the business. When deployed as a cloud-based SIEM, the vendor states Splunk Enterprise Security can deliver improved time to value, allowing teams to focus on higher value security tasks instead of managing infrastructure hardware and manual upgrades.

Splunk Enterprise Security (ES) Video

Threat intelligence capabilities can be found in a variety of products. In this video, the TrustRadius team goes over 4 leading products in the space, including Splunk Enterprise Security (ES).

Splunk Enterprise Security (ES) Technical Details

Operating Systems: Unspecified
Mobile Application: No

Frequently Asked Questions

IBM Security QRadar SIEM, LogRhythm NextGen SIEM Platform, and Securonix Next-Generation SIEM are common alternatives for Splunk Enterprise Security (ES).

Reviewers rate Centralized event and log data collection highest, with a score of 9.4.

The most common users of Splunk Enterprise Security (ES) are from Enterprises (1,001+ employees).

Reviews and Ratings (251)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources.

Intuitive User Interface: Users have consistently found the user interface of the product intuitive and easy to use, allowing for quick completion of tasks. Many reviewers praised its simplicity and user-friendly design.

Efficient Log Correlation: The automation capabilities in XDR were highly appreciated by users as they enable efficient log correlation and turning data into meaningful insights. Several reviewers mentioned that this feature saves them time and enhances their overall productivity.

Comprehensive Security Monitoring: Users highlighted the product's ability to monitor firewall traffic, mail systems, and AWS infrastructure, providing comprehensive security monitoring. This feature was commended for its effectiveness in identifying potential threats from various sources.

User Interface: Users have found the user interface of Splunk Enterprise Security to be confusing and not user-friendly, with a steep learning curve. Some users suggest improving the UI by reducing the number of clicks required.

Troubleshooting and Integration: Several users have experienced difficulty troubleshooting and integrating Splunk with other products. They mention that customizations often require technical support which may not always be on point. There is a need for optimization when it comes to handling multiple data sources.

Default Searches and Alerts: Many users find the default searches and alerts provided by Splunk Enterprise Security to be of little value without customization. They suggest better alert suppression, improved permissions, and more support for certain tools. Furthermore, users desire a more polished version of the MITRE coverage dashboard.

Users commonly recommend the following for Splunk Enterprise:

  1. Invest in proper training for personnel to avoid misuse and low performance. Users suggest that investing in training for staff is crucial to ensure effective use of the software and prevent any potential issues or underutilization.

  2. Consider other products in the market and evaluate compatibility with your business needs. While users recommend Splunk Enterprise, they also suggest exploring alternative solutions to determine which one best suits their specific requirements and environment.

  3. Try Splunk Enterprise for free and explore its documentation. Users advise others to take advantage of the free trial offered by Splunk Enterprise and thoroughly explore the product documentation. This will help users evaluate whether the software meets their needs and understand its features before making a purchase decision.

Reviews

(1-25 of 103)
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Well suited: Splunk ES is highly recommended in an environment with many data sources and experienced computer engineers. It has a steep learning curve, but once that hurdle is crossed, it is absolutely a beast. It is also very expensive, so a company putting a high amount of budget in Security is needed. Not well suited: Splunk ES is not recommended if a company has only a few sources and some non-technical IT users. The price won't justify the fewer data sources and scratching just the surface level. Moreover, non-technical IT users would be better off with something that has a query builder, unlike Splunk.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Well Suited: What we admire most about Splunk is the significant improvements and capabilities it brings to the software with every major release. It is simply mind-blowing and easy to set up from a backend developer's point of view, as it is compatible with existing popular enterprise frameworks using microservice architecture (Spring Boot). Less Suited: Their enterprise plans are frankly costly. Cost wise, maybe it won't be suitable for small startups.
September 12, 2023

Highly Recommended!

Score 7 out of 10
Vetted Review
Verified User
Incentivized
Well-Suited Scenarios:

Real-Time Threat Response: ES excels in swiftly detecting and responding to security threats through data correlation.
Compliance Management: ES streamlines compliance with detailed logs and reports, ideal for regulated industries.
User Behavior Analytics: Effective in monitoring user and entity behavior, particularly for insider threat detection.
Large-Scale Environments: Valuable for organizations with diverse data sources and high volumes of data.
Incident Investigation: ES aids in post-incident analysis, reconstructing events to understand root causes.

Less Appropriate Scenarios:

Smaller Organizations: For simpler setups, ES may be complex and costly.
Static Environments: In low-risk settings, ES's advanced features may be unnecessary.
Limited Resources: Tight budgets or sparse IT resources may hinder effective ES use.
Lack of In-House Expertise: Without security experts, optimizing ES can be challenging.
Budget Constraints: ES may be cost-prohibitive for budget-conscious organizations, prompting consideration of more affordable alternatives.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
I like how it's all one dashboard and there is not a separate SIEM from the actual log aggregator. This makes investigation a lot more efficient and easy to complete said investigation. It is easy to close multiple alerts together and to link items when the notables are part of an overarching issue. It is also easy to make another notable. It is easy to change the risk score to lower the alerting threshold.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Splunk Enterprise Security (ES) protects the company's infrastructure with well-detected and automated alerts based on programmed alerts, which are mainly threshold risk scores. Predefined use cases will help you to protect the cloud environment, and SOC analysts can easily jump into them and enable them as they want. Correlation methods will give you more exposure to track different ways to identify and get resolutions.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
It is well suited for our analysts reviewing the alerts that come in each day. The risk based alerting system allows us to tune detections to eliminate noisy notables and ensure our analysts don’t get stuck dealing with alert fatigue. The information generated by ES allows us to create dashboards that easily communicate our accomplishments to higher leadership.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
It is centrally integrated to manage and improve the detection of our security threats, instead of using other types of native and complementary tools. Integrations with these appliances are done through our applications and plugins that we can find within Splunkbase. All this using the APIs. Splunk Stream uses the collection of our network traffic to determine the application, the protocol, even if it is encrypted. All this is sent for later analysis.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Splunk Enterprise Security is a great fit for an organization that also utilizes Splunk in its environment. While there is a learning curve, if users and admins are already familiar with Splunk, it should be a straightforward task to get Enterprise Security up and running. It makes even more sense if the organization is already utilizing Splunk Security Essentials. This is like Enterprise Security Lite, but much of the setup and configuration carries directly over to Enterprise Security.
jacod Jones | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Splunk detects malware and all anomalies, there is no possibility of missing anything, we also have account control according to the privileges assigned by the company, which allows constant account monitoring and also avoids the danger of unauthorized access. Splunk does not have the best dashboard customization, nor is it the easiest to use, but I do think it is the one that keeps everything in order and allows us to comply with the entire complex security system.
Score 10 out of 10
Vetted Review
Verified User
I think Splunk Enterprise Security is well suited to respond to your business needs by providing rapid response to all kinds of threats. I think it is great for security operations and a trustable product. I would like it to provide more comprehensive dashboards and options regarding security posture.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Splunk is very good when integrating with other security logs like McAfee, Trend Micro & Darktrace. The integration with the Firewall application is still a gap to cover, as today the integration with some vendors such as Palo Alto and Bluecoat is not straightforward yet.
Score 10 out of 10
Vetted Review
Verified User
Splunk Intelligence Management can be used by any company that is looking to improve its threat management system with system automation to detect and combat threats based on company-specific risk rules. It is super simple to configure them on the platform and create monitoring, analysis and incident response routines. The reports are customizable and full of data by day, week, month and year with the event response. It is a cost-effective solution.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
If you need a very customisable SIEM product this is a very good contender in the SIEM market. Having used SaaS solutions before that were not very customisable, Splunk ES is a welcome product. It has a wide user adoption so even the user-driven support is great, this helps a lot in creating your queries.
Giuseppe Cusello | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Reseller, Incentivized
I work daily on ES implementations for our customers, so I suggest using ES in every cyber security protection situation because it combines threat detection features with notable and security incident management: it isn't a tool for specialists but for all security analysts. I think that it's well suited in all structured and/or big companies. It's difficult to implement (also for its costs) in small companies.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Less appropriate scenario:
- If you don't have enough employees, I recommend using an MSSP or maybe another SIEM with Splunk core. It can be hard to catch and replace your current SIEM.
Well suited scenario:
- Machine learning and statistics. We developed many use cases for anomaly detection, and with Splunk we implemented them and applied them to real-time data!
Ramu S R | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Splunk Enterprise Security will be more suited to research-dense areas, and also has good scope in defense-related projects, cyber specialists, etc. It is less recommended for normal companies where the hosted application data does not require high-security environments. Also, this requires special admins to configure and monitor the logs effectively.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Working as a security software engineer, Splunk Enterprise Security is like my suite of premium tools to accomplish my work. Everyone who has been behind a monitoring screen for software threats understands how hectic false positives are. Splunk is however able to reduce the alert volumes by triaging notables and saving you from the false alerts nightmare.
AMJITH LAL S | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Splunk is well suited for research-oriented projects where we require detailed log analysis and threat evaluation. It is well suited for cyber security companies and defense-related areas. Moreover, it requires sound knowledge of networking. I would prefer CCNP equivalent skillset to monitor and manage Splunk professionally in any enterprise or institution.